package com.hongxinguoji.manager.admin.realm;

import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.hongxinguoji.manager.admin.mapper.HxAuthFunctionMapper;
import com.hongxinguoji.manager.admin.mapper.HxUserMapper;
import com.hongxinguoji.manager.admin.pojo.HxAuthFunction;
import com.hongxinguoji.manager.admin.pojo.HxAuthFunctionExample;
import com.hongxinguoji.manager.admin.pojo.HxUser;
import com.hongxinguoji.manager.admin.pojo.HxUserExample;
import com.hongxinguoji.manager.admin.pojo.HxUserExample.Criteria;

public class LoginRealm extends AuthorizingRealm {

	private HxUserMapper userMapper;

	private HxAuthFunctionMapper functionMapper;

	public HxUserMapper getUserMapper() {
		return userMapper;
	}

	public void setUserMapper(HxUserMapper userMapper) {
		this.userMapper = userMapper;
	}

	public HxAuthFunctionMapper getFunctionMapper() {
		return functionMapper;
	}

	public void setFunctionMapper(HxAuthFunctionMapper functionMapper) {
		this.functionMapper = functionMapper;
	}

	// 认证方法
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		// 从令牌中获得用户名
		String username = upToken.getUsername();
		// 根据用户名查询用户
		// 设置查询条件
		HxUserExample example = new HxUserExample();
		// 设置查询条件，用户状态可用
		// 1：可以，0不可用
		Criteria criteria = example.createCriteria();
		criteria.andUsernameEqualTo(username);
		criteria.andStatusEqualTo(1);

		// 执行查询
		List<HxUser> list = userMapper.selectByExample(example);
		HxUser user = null;
		if (list != null && list.size() > 0) {
			user = list.get(0);
		}

		if (user == null) {
			// 用户不存在
			return null;
		} else {
			// 用户名存在
			// 获得数据库中存储的密码
			String password = user.getPassword();
			// 创建简单认证信息对象
			SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password,
					this.getClass().getSimpleName());
			// 返回给安全管理器，由安全管理器负责比对数据库中查询出的密码和页面提交的密码
			return info;
		}

	}

	// 授权方法
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		HxUser user = (HxUser) principals.getPrimaryPrincipal();
		List<HxAuthFunction> list = null;
		if (user.getUsername().equals("admin")) {
			HxAuthFunctionExample example = new HxAuthFunctionExample();
			// 当前用户是超级管理员，查询所有权限，为用户授权
			list = functionMapper.selectByExample(example);
		} else {
			// 普通用户，根据用户id查询对应的权限
			list = functionMapper.getUserAuthByUserId(user.getId());
		}

		// 添加权限信息
		for (HxAuthFunction function : list) {
			info.addStringPermission(function.getCode());
		}
		return info;
	}
}
